CN103680111B - Method and system capable of verifying intelligent sensing terminal data aggregation - Google Patents

Abstract

The invention discloses a method and a system capable of verifying intelligent sensing terminal data aggregation. The method comprises the following steps of firstly, generating and publishing global parameters by a network data aggregation server, collecting and generating registration information and encrypted spare data item sets of all the intelligent sensing terminals, and distributing the registration information and the encrypted spare data item sets to different data aggregation nodes; secondly, verifying the intelligent sensing terminals through the data aggregation nodes and alternately finishing a data aggregation process; finally, finishing verification on the correctness and the integrity of data statistic and a network data collecting process by using all the data published in the whole network data collecting process. The method is mainly characterized in that the data submitted by the intelligent sensing terminals in the data collecting process has the characteristics of privacy safety, statistic simplicity and verifiability.

Description

Can verify that Intellisense terminal data method for congregating and system

Technical field

Briefly, the present invention relates to computer information safety technique field, and have more particularly to one kind and can verify that The Intellisense terminal data method for congregating of the features such as property and its system.

Background technology

At present, data gathering system is generally by the aggregation server positioned at center, and the multiple gatherings being distributed to various places Node and multiple terminal are constituted.After terminal collection institute data at the scene, process through simple, by data by wired, or The wireless modes such as wifi, bluetooth, zigbee submit to closest aggregation node, and aggregation node generates the datagram of encryption Accuse, then these reports are sent to aggregation server by computer network.After accumulation process terminates, aggregation server is to collecting The report of all field datas carry out counting, analyze, and announce statistics.Terminal can be wire communication terminal, such as common Pc machine, more possibly mobile terminal, such as smart mobile phone, pda, panel computer, notebook computer etc..By configuring difference Sensing module, terminal can gather polytype field data, including COMMUNICATION NETWORK PERFORMANCES parameter, environment at the scene Temperature, air quality, traffic, free market commodity price etc..Therefore terminal data lens system can be applied to many Macroscopical situation provides strong help to policymaker's assurance to plant the statistic analysis result assembling data under scene.

With traditional lens system phase based on wireless sensor network (wsn:wireless sensor network) The sensing node of terminal data lens system has intelligent and mobility to ratio, and data can be pre-processed, and permissible Gather more data in moving process, without worrying power issue, it can in addition contain be distributed to using existing The mobile terminal of various places, need not additionally dispose sensing node.But also can using terminal in large-scale distributed data acquisition Bring new security threat.It is privacy concern first.Participate in the terminal of data acquisition, such as mobile phone etc., often make along with it User's movement, therefore these terminals, while submitting gathered data to, also expose the identity of its user, position, activity rule The privacy informations such as rule.Next to that data integrity issues, because terminal is not controlled by central server, some malicious node meetings Legal terminal is pretended to be repeatedly to send data, to affect the integrality of statistics.Data is in central server transmit process It is likely to be changed by the via node of malice.In addition, the server carrying out data statistics is likely to distort statistics so that counting According to end user be uncertain about the authenticity of statistics.

For this reason, exist in prior art and while hiding individuality terminal submits data to, remaining able to obtain and assemble to i.e. The statistics of data, and the integrality of this result does not rely on lens system and the side of the honesty of data aggregation server Method.

Content of the invention

Intellisense terminal data lens system described in the invention can protect the privacy of perception terminal, that is, hidden While hiding individual terminal submission data, remain able to obtain the statistics assembling data, and the integrality of this result is not Depend on the honesty of data aggregation server, any third party can verify the true of statistics according to public data Property.Each data intelligence perception terminal can also verify whether the data of oneself is counted into final statistics, and this feature increases Add the transparency of accumulation process, enhanced domestic consumer and participate in the confidence that data is assembled.

The problem to be solved in the present invention is to provide a kind of new intelligent terminal network data method for congregating and its related system, This Intellisense terminal data method for congregating and its system is made the network data such as to have personal secrets, can verify that and assemble in application Required important advantage.

In the data aggregation process of above-mentioned Intellisense terminal data lens system involved important component part and Main flow describes in detail as follows:

Preferably, the composition of data gathering system is: Intellisense terminal data lens system is by the data positioned at center Aggregation server, multiple data aggregation nodes, and it is distributed to the Intellisense terminal composition of various places.The collection of Intellisense terminal is existing After field data, process through simple, data is passed through wired, or the wireless mode such as wifi, bluetooth, zigbee is submitted to recently Data aggregation node, data aggregation node generates encryption data report, then these data reports passed by computer network Give data aggregation server.After accumulation process terminates, data aggregation server carries out to all field datas collected counting, Analysis, and announce statistics.The client of data gathering system query and statistical analysis result and former from data aggregation server Beginning data.

The function of each chief component in this system is described below.

Preferably, data aggregation server includes:

Bulletin unit: bulletin unit is used for each participant broadcast to system, leaves data on bulletin unit in Can be inquired about at any time by anyone.Data aggregation server can only add new in bulletin unit messaging list afterbody Message, and each message has attached the digital signature of data aggregation server, is supported with preventing attacker from distorting server Rely.

Registering unit: each participate in data assemble intelligent terminal before accumulation process starts first with line and The mode that line combines is registered to data aggregation server.Each terminal t_iGenerate a pair of public private key pair (v_i, x_i), and by public key y_iIt is sent to data aggregation server, private key x as the assumed name of oneself_iPreserved by terminal oneself is secret.t_iWill be using x_iTo oneself The data report submitted to is digitally signed, to ensure the reliability of data source.After the legitimacy of this terminal of server authentication, By its public key y_iIt is saved in legal Intellisense terminal assumed name list t_list.

Initialization unit: be responsible for generating common parameter, secret random number, the alternate data item set of encryption.That encrypts is standby After selecting collection of data items to generate, secret random number can abandon.After initialization procedure terminates, common parameter is appended to bulletin The afterbody of unit messaging list.

Data accumulation unit: the alternate data item set of encryption is removed multiple subsets and is separately input to each data by (1) The background data base of aggregation node.(2) the authentication information list t_list of all legal Intellisense terminals is input to each The background data base of data aggregation node.(3) collect data from each data aggregation node.

Data statistics release unit: carried out according to the encryption data report that data intelligence perception terminals all in network are submitted to Data statistics, provides statistical conclusions according to data statistics result.Meanwhile, using BBS system, all data intelligences are perceived The data report that terminal is submitted to is announced, in order to customer inquiries and checking statistics.

Preferably, data aggregation node includes:

Data aggregation node function to be completed includes: (1) alternate data item set that storage is encrypted safely.(2) to intelligence The legitimacy of energy perception terminal is verified.Take precautions against some malicious peer pretend to be legal terminal repeatedly participate in data aggregation process with Destroy the integrality assembling result.(3) receive the data of Intellisense terminal, be transcribed into corresponding encryption data report. (4) prove that the encryption data generating report truly encapsulates the data of terminal submission using interactive mode to terminal.

Preferably, Intellisense terminal includes:

Intellisense terminal obtains what field data generating was approved by data aggregation node accordingly by sensing module Data options.During etc. moving in the transmission range of certain data aggregation node, data options are sent to this node, simultaneously with Interactive mode verifies the validity of the encryption data report that node generates.Last Intellisense terminal utilizes the private key x of oneself_iFor The final encryption data report generation digital signature determining.

According to a further aspect in the invention, provide a kind of method that network data is assembled, methods described includes procedure below: Basic data aggregation process is by initial phase, endpoint registration stage, data assembles the stage and the statistics stage forms.(1) exist Initial phase, data aggregation server is responsible for generating common parameter, secret random number, the alternate data item set of encryption.Plus After close alternate data item collection symphysis becomes, secret random number can abandon.After initialization procedure terminates, common parameter is added To the afterbody of bulletin unit messaging list, download for other participants.The alternate data item set of encryption is removed multiple subsets and is divided It is not input to the background data base of each data aggregation node.Need to generate the use of oneself in each data aggregation node of this stage Public private key pair (y in certification_i, x_i).The public key y of all valid data aggregation nodes_iForm list n_list, and by n_list It is appended to the bulletin unit of data aggregation server.(2) in registration phase, the intelligent terminal that each participates in data gathering is being assembled Stage registers to data aggregation server before starting first.Each terminal t_iGenerate a pair of public private key pair (y_i, x_i), public key y_i It is saved in terminal authentication information list t_list as Intellisense terminal assumed name.Private key x_iSecret guarantor is responsible for by terminal oneself Deposit.(3) assemble the stage in data, Intellisense terminal first with interact formula apart from oneself nearest data aggregation node and recognize Then the data is activation of collection in worksite is given this data aggregation node by card.After this node receives the data of terminal, translated Become corresponding encryption data report.Terminal can interactively verify the validity of the encryption data report that this node generates. The data report form that data aggregation node ultimately produces is 4 tuples (Intellisense terminal assumed name, encrypted data item, an intelligence The signature of energy perception terminal, the signature of data aggregation node).Effectively data report is sent to number eventually through computer network According to aggregation server, they are published to by bulletin unit by server.(4) in the data statistics stage, data aggregation server profit With all data report counting statistics results collected.Other participants can also under conditions of there is no decruption key basis Data report on bulletin unit is using simple algorithm counting statistics result to verify the integrality of data.

According to a preferred embodiment of the invention, the method that described network data is assembled further includes:

Initial phase

The groundwork of data aggregation process initial phase is to be responsible for generating common parameter, secret by data aggregation server Close random number, the alternate data item set of encryption.It is assumed that the public key pk of data aggregation server_vaDistributed with reliable way Give all participants of data gathering system.With public key pk_vaCorresponding private key sk_vaUtilize thresholding secret by multiple child servers Close secret sharing is held jointly.Data service aggregation implement body initial work to be completed is as follows.

Generate common parameter

Data aggregation server is responsible for generating following common parameter:

1. generate two Big prime p, q, meet 2q=p-1, and in groupUpper discrete logarithm problem is difficult to resolve.That is, two are generated Individual Big prime p, q, meet 2q=p-1, and require the group being formed according to pOn discrete logarithm problem difficulty assume set up, Thus ensureing that the data item encrypted is not cracked.

2. exist, in randomly select q rank element g, h, and set and generated by gCyclic subgroup be g.Because g and h is The child servers of multiple data aggregation servers randomly select jointly, so under discrete logarithm problem difficulty is assumed, not having Someone can know that the discrete logarithm with regard to g for the h.

3. secure hash function h₁: { 0,1 }^*→z_q, it will be used for constructing non-interactive type when generating encryption alternate data item Zero-knowledge proof.

4. suppose to participate in the terminal that data assembles and be up to n (actual be certainly less than equal to n), data aggregation server needs The number n=ε n of the alternate data item of encryption to be determined in advance, wherein ε >=2 are a safety coefficient.Each Intellisense terminal Averagely can arrange alternate data item number be ε, wherein only one as valid option, other options can be by Intellisense Terminal is used for the confidence level of inspection data aggregation node.ε is bigger, and the terminal participating in checking work is more, data aggregation node Cheating is more easily tested out.Obviously, ε is bigger, and the expense of system is also bigger, therefore actual deployment when will be in security A balance is done and efficiency between.Suggestion ε takes 5 or 10.

The above-mentioned common parameter that data aggregation server generates, including p, q, g, h, n, n, hash function h₁Description letter Breath, alternate data item set { c₁, c₂..., c_m, bulletin unit will be published to before data gathering starts, and enclose The digital signature of data aggregation server.Any participant can obtain these common parameters, and utilizes public key pk_vaChecking is public The authority of co-information.

In addition, normal operation of system necessarily assumes that parameter n and m meets condition:Wherein WithRepresent respectively and take whole and take off whole.

Generate the alternate data item set of encryption

Assume that alternative collection of data items is { c₁, c₂..., c_m, and parameter n and m meet conditionIfAssemble before the stage starts in data, data aggregation server each Participant combines the alternate data item set generating n encryption using following manner.

1. from integer set [0,1 ..., 2^e] in take 2m group (every group n-1) random number:

{k_1,1, k_1,2..., k_{1, n-1}, { k_2,1, k_2,2..., k_{2, n-1}..., { k_{M, 1},k_{M, 2}..., k_{M, n-1},

{t_1,1, t_1,2..., t_{1, n-1}}{t_2,1, t_2,2..., t_2,n-1..., { t_{M, 1}, t_m,2..., t_m,n-1}

Then calculate:

$k_{i,n}=(0-\underset{j=1}{\overset{n-1}{\mathrm{\σ}}}{k}_{i,j}){\mathrm{mod}2}^e(i=\mathrm{1,2},\·\·\·,m)$

$t_{i,n}=(0-\underset{j=1}{\overset{n-1}{\mathrm{\σ}}}{t}_{i,j}){\mathrm{mod}2}^e(i=\mathrm{1,2},\·\·\·,m)$

Calculated again based on result above:

$k_j=\underset{i=1}{\overset{m}{\mathrm{\σ}}}{2}^{e(i-1)}{k}_{i,j}(j=\mathrm{1,2},\·\·\·,n)$

$t_j=\underset{i=1}{\overset{m}{\mathrm{\σ}}}{2}^{e(i-1)}{t}_{i,j}(j=\mathrm{1,2},\·\·\·,n)$

{ the k that easily proof generates according to the method described above₁, k₂..., k_n}、{t₁,t₂..., t_nNecessarily satisfying for:

$\left(\underset{j=1}{\overset{n}{\mathrm{\σ}}}{k}_j\right){\mathrm{mod}2}^e=0,\left(\underset{j=1}{\overset{n}{\mathrm{\σ}}}{t}_j\right){\mathrm{mod}2}^e=0$

{k₁, k₂..., k_n}、{t₁, t₂..., t_nPacify as secret value during generating encryption alternate data item set Full mode is preserved.

2. data aggregation server calculates:

$w_j=g^{k_j}{h}^{t_j},j=\mathrm{1,2},...,n$

It can easily be proven that { w₁, w₂..., w_nMeet:

$\underset{j=1}{\overset{n}{\mathrm{\π}}}{w}_j=\underset{j=1}{\overset{n}{\mathrm{\π}}}{g}^{k_j}{h}^{t_j}=1$

Can be by { w₁, w₂..., w_nRegard as with regard to secret random number { k₁, k₂..., k_n}、{t₁, t₂..., t_n? Safety certificate (commitment).Safety certificate will not betray the pot to the roses any information of random number, and in discrete logarithm problem Under difficulty is assumed, once announcing safety certificate, data aggregation server will be unable to using one group of different random number { k '₁, k ′₂..., k '_n}、{t′₁, t '₂..., t '_nBe used for producing alternate data item set.

3. data aggregation server generates and encrypts alternate data item set:

$v_{j,0}=k_j,p_{j,0}=\mathrm{nizk}\left\{t_j\right|h^{t_j}=w_j{g}^{-v_{j,0}}\}$

v_{J, i}=k_j+2^e(i-1),I=1,2 ..., m,

J=1,2 ..., n

P in above formula_{J, i}=nizk{t_j|a(t_j) represent with regard to secret value t_jNon-interactive zero-knowledge proof.By p_j,i, Data aggregation server can be in value t that do not betray the pot to the roses_jOn the premise of it was demonstrated that meet assert a (t_j) set up, thus not revealing k_jOn the premise of prove v_{J, i}Building method meet agreement regulation.Construct this non-interactive zero-knowledge proof and will use Hash Function h₁: { 0,1 }^*→z_q.

{(v_{J, 0}, p_{J, 0}), (v_{J, 1},p_{J, 1}) ..., (v_{J, m}, p_{J, m}) constitute an alternate data item group encrypted, such Alternate item group has n, constitutes the alternate data item set of encryption: { (v_j,0, p_j,0), (v_j,1,p_j,1) ..., (v_j,m, p_j,m)} (j=1,2,...,n).When submitting data to, if Intellisense terminal selects c_i, then by data aggregation node by option (v_j,i, p_j,i) report to data aggregation server.And (v_{J, 0}, p_{J, 0}) more special, Validation of Data will be used for.

4. data aggregation server can be by n encryption alternate data item { (v of above-mentioned generation_{J, 0}, p_J,0), (v_j,1, p_{J, 1}) ..., (v_j,m, p_{J, m}) (j=1,2 ..., n) be divided into multiple subsets (according to data aggregation node number), and use respectively Secured fashion imports in the background data base of multiple data aggregation nodes.

5. data aggregation server is by { k₁, k₂..., k_n}、{t₁,t₂..., t_nEtc. secret value delete, by { w₁, w₂..., w_nBe published on bulletin unit and enclose the digital signature of oneself.Any participant can be by checkingWhether the encryption alternate data item set whether setting up the generation of inspection data aggregation server meets protocol requirement.

Registration phase

In registration phase, each participate in intelligent terminal that data assembles before the gathering stage starts first with line and The mode combining online is registered to data aggregation server.Concrete register method is:

1. the manager of data aggregation server utilizes line under type (offline) to verify the legitimacy of intelligent terminal, example As checked the identity card of terminal holder or the product id of terminal.Check unsuccessfully, then terminate registration process immediately.

2. each terminal t_iGenerate a pair of public private key pair (y_i, x_i).The public key signature algorithm being adopted can be any It is proved to safe algorithm, such as rsa algorithm, dsa algorithm etc..Data aggregation server and intelligent terminal both sides are calculated to using which class Method is arranged in advance.

3. terminal t_iBy public key y_iIt is sent to data aggregation server.For proving that this terminal holds and public key y_iCorresponding private Key, server generates random number r, and using r | | timestamp represents the time as challenge message m, wherein timestamp Stamp.Server makes terminal generation with regard to digital signature sig (m) of m, the then validity of inspection signature sig (m).Check unsuccessfully, Then terminate registration process immediately, otherwise proceed next step.

4. after inspection, public key y_iThe certification being saved in data aggregation server by the assumed name as this intelligent terminal is believed In breath list ac_list.Private key x_iSecret preservation is responsible for by terminal oneself.

5. list of public keys n_list of all valid data nodes is downloaded in the memory of intelligent terminal.Registration process Terminate.

In above-mentioned registration process, only data aggregation server knows assumed name y_iWith the corresponding relation of physical end id, And this corresponding relation cannot be obtained for data aggregation node, the user of data gathering system.Therefore, provide here necessarily End user privacy protection.

Data assembles the stage

Assemble the stage in data, Intellisense terminal interacts formula with apart from oneself nearest data aggregation node first Then the data is activation of collection in worksite is given this data aggregation node by certification.These data are passed through meter by data aggregation node again Calculation machine network sends data aggregation server to.The specific course of work is as follows.

1. after data perception intelligent terminal reaches in the range of the efficient communication of certain data aggregation node, first with this section Point completes interactive authentication.Because terminal holds list of public keys n_list of all valid data aggregation nodes it is possible to profit With " challenge response " method, valid data aggregation node is authenticated.On the other hand, because data aggregation node can be from The list t_list of legal terminal is obtained on data aggregation server it is possible to " challenge response " method of utilization is to legal Data perception intelligent terminal is authenticated.

2. interactive authentication passes through afterwards, and data aggregation node sends all alternate data items in plain text to intelligent terminal, will Set { c₁, c₂..., c_mIt is sent to terminal.

3. terminal according to field measurement data from { c₁, c₂..., c_mIn select corresponding option (be assumed to c_i), and will The selection of oneself is sent to data aggregation node.

4. data aggregation node is from alternate data item the set { (v of encryption_j,0, p_j,0), (v_j,1,p_j,1) ..., (v_j,m, p_{J, m}) (j=1,2 ..., n) in appoint take an option group { (v_k,0, p_j,0), (v_j,1,p_j,1) ..., (v_j,m,p_j,m), then will With c_iCorresponding (v_j,i,p_{J, i}) as the encryption alternate data item ultimately generating.

Data aggregation node is by v_{J, i}Corresponding binary string is divided into m part from low level to a high position, each part bag Containing e bit (the comprised bit number of highest bit position is likely larger than e), then concatenate into m with m partial binary individual corresponding Ten's digit (d₁, d₂..., d_m).

Data aggregation node is by option (v_j,i, p_{J, i})、(d₁, d₂..., d_m) and digital signature s of oneself_nIt is sent to end End.

5. after terminal authentication node digital signature validity, there are two kinds of selections: " re-entering " and " submitting to ".

If selected " submitting to ", terminal utilizes the private key x of oneself_iTo data { (v to be submitted to_j,i,p_j,i),(d₁, d₂..., d_m) generate digital signature s_t, then will sign s_tIt is sent to data aggregation node.Data aggregation node generates final Data report report={ y_i, (v_j,i, p_{J, i}),(d₁, d₂..., d_m), s_n, s_t, wherein y_iIt is the assumed name of terminal.Data is gathered Data report is sent to data aggregation server by collection node, and returns success message to terminal.After submitting success to, intelligence is felt Know that terminal preserves data report, and leave.

If terminal selects " re-entering ", data aggregation node startup " data report validation verification " flow process (after Its detailed process is terminated in face) verify the encrypted data item { (v that data aggregation node generates_j,i,p_j,i),(d₁, d₂..., d_m) be No real to should terminal submission data c_i.After being verified, return the 3rd step, terminal resubmits data, node Regenerate corresponding encrypted data item.

6., after the data accumulative phase terminates, each data aggregation node is by oneself remaining standby alternate data item set {(v_j,0,p_j,0), (v_j,1, p_j,1),...,(v_j,m,p_j,m) (v_j,0, p_j,0) partly it is sent to data aggregation server, and indicate For " calcellation ".

Through above 6 steps, the data report of each Intellisense terminal has been submitted to data in an encrypted form and has assembled clothes The bulletin unit of standby device, anyone can inquire about.

The idiographic flow of " the data report validation verification " of the 5th step is as follows above:

(1), after data aggregation node receives " re-entering " request of terminal, data aggregation node is by (v_J,0, p_{J, 0}) And v_{J, 0}Corresponding m decimal number { d '₁, d '₂..., d '_mIt is sent to terminal.

(2) Intellisense terminal is verified on the spot: for two groups of digital { d₁, d₂..., d_mAnd { d '₁, d '₂..., d '_m, Except d_i-d′_i=1, other m-1 numerals are all equal.If be unsatisfactory for, illustrate data aggregation node in cheating.

(3) p of Intellisense terminal authentication node output_j,0、p_{J, i}And digital signature s of data aggregation node_nWhether Effectively.If invalid, terminal terminates submitting data to this node, and thinks that data assembles clothes after can retaining relevant evidence This node complained by business device.

(4) if data item (v_j,i,p_j,i) being used for doing validation verification, then this data item is equivalent to and is cancelled.Data Aggregation node is only by (v_i,0, p_j,0) it is submitted to data aggregation server.

The data statistics stage

After data aggregation process terminates, the information that data aggregation server is announced on unit is locked.Data service aggregation Device first checks for announcing in the data report list on unit whether comprise n item, if less than n, some preliminary data items is then described Lose.After the preliminary data item polishing that will lose, anyone can be according to the information counting statistics result on bulletin unit.

If the item set announced on bulletin unit is combined into { (v₁, p₁), (v₂, p₂) ..., (v_n, p_n), each v_i(1≤i ≤ n) corresponding m ten's digit be { d_i,1, d_i,2..., d_i,m}.

So, option c_j(1≤j≤m) final statistics r_jFor

$r_i=\left(\underset{i=1}{\overset{n}{\mathrm{\σ}}}{d}_{i,j}\right)\mathrm{mod}{2}^e(1\≤j\≤m)$

Statistics can be obtained by simple modulo addition.And the validity of each data report can be passed through Zero-knowledge proof p_iAnd the validity of associated digital signature tests.

As follows from the principle of statistic algorithm: to be can be seen that often according to the process of the preliminary data option set generating encryption Data options v of individual encryption_j(1≤j≤n) without being marked as cancelling, is then represented byShape Formula, wherein b_j∈ { 1,2 ..., m }；If being marked as cancelling, v can be expressed as_j=k_jForm.b_jValue depend on right Answer the actual selection of Intellisense terminal.If Intellisense terminal have selected alternate item c_i, then b_j=i.

Further, k_jCan be expressed asForm.Therefore, with v_jCorresponding m ten's digit d_j,i(i=1,2 ..., m) can be expressed as k_{I, j}+b_{I, j}Form.Wherein b_i,jValue 0 or 1, if 1 then it represents that being to select Alternate data item c_i.If b_j=i, then b_i,j=1, and b_k,j=0(k≠i).In v_jDuring for cancelling, b_{I, j}(i=1,2 ..., m) all etc. In 0, do not select any alternate data item.

According to generate standby suggestion option set process it is known thatTherefore,

$r_i=\left(\underset{j=1}{\overset{n}{\mathrm{\σ}}}{d}_{j,i}\right)\mathrm{mod}{2}^e=\left[\underset{j=1}{\overset{n}{\mathrm{\σ}}}(k_{i,j}+b_{i,j})\right]\mathrm{mod}{2}^e=\underset{j=1}{\overset{n}{\mathrm{\σ}}}{b}_{i,j}\mathrm{mod}{2}^e$

I.e. r_iFor alternate item c_iSupport number.

Had the advantage that compared with the conventional method according to the data method for congregating of the present invention

Statistics is simple

One of advantage of designed data gathering system is that statistics is simple.This feature is mainly reflected in following two aspects.

1. from statistics.After data aggregation process terminates, any system user can be public according to data aggregation server Accuse the public information counting statistics result on unit.Whole statistic processes does not need to trust and relies on any statistics center, therefore Considerably increase the transparency of data gathering.

2. statistic algorithm is simple.Only need in statistic processes use very simple modulo addition.Realize statistic algorithm Computer program be also easily understood very much, need not rely on minority security expert realize software, therefore increase further The confidence level of statistics.

Verifiability

According to designed data method for congregating, almost all have in whole data aggregation process links and can verify that Property, that is, observer or participant can check this link to whether there is cheating.The verifiability of this reinforcement ensure that number According to assemble result integrality and credibility.

1. pair alternate data item collection closes the checking of generating process

In the generating process of alternate data item set, can be by disclosed random commitment value on inspection bulletin unit (w₁, w₂..., w_nWhether meet:

$\underset{j=1}{\overset{n}{\mathrm{\π}}}{w}_j=\underset{j=1}{\overset{n}{\mathrm{\π}}}{g}^{k_j}{h}^{t_j}=1$

To verify the secret random value { k generating alternate data item set₁, k₂..., k_n}、{t₁,t₂..., t_nWhether accord with Close following conditions:

$\left(\underset{i=1}{\overset{n}{\mathrm{\σ}}}{k}_i\right){\mathrm{mod}2}^e=0,\left(\underset{i=1}{\overset{n}{\mathrm{\σ}}}{t}_i\right){\mathrm{mod}2}^e=0.$

Above-mentioned two condition is the key realized from statistics.In addition, under discrete logarithm problem difficulty is assumed, once public Cloth safety certificate { w₁, w₂..., w_n, data aggregation server will be unable to using a different set of random number { k '₁, k '₂..., k′_n}、{t′₁,t′₂,...,t′_nBe used for producing alternate data item set, therefore take precautions against data aggregation server and levied in suggestion The collection stage conspires the cheating of modification alternate data item with data aggregation node.

2. alternate data item verification of correctness

Any participant can be by checking zero-knowledge proof p_{J, i}Validation verification data aggregation server generate Data item v_j,iCorrectness, that is, verify v_{J, i}Whether the middle alternate item with cipher mode encapsulation belongs to the alternate item set specified {c₁, c₂..., g_m, and only encapsulate one of alternate item.

3. data aggregation node honesty checking

During assembling data submission, if the intelligent terminal participating in data gathering have selected alternate item c_i, one is not The data report that honest data aggregation node generates may correspond to alternate item c_k(k ≠ i), has thus run counter to Intellisense eventually The wish at end.

System adopts following verification method to take precautions against above-mentioned cheating: Intellisense terminal randomly chooses one alternatively first Item c_i, then data aggregation node will be with c_iCorresponding encryption data report (comprises { d₁, d₂..., d_mAnd (v_j,i,p_{J, i})) output, And append the signature of oneself.If terminal is abandoned afterwards " confirm submit to ", node is by (v_{J, 0}, p_{J, 0}) and v_{J, 0}Corresponding m Decimal number { d '₁, d '₂..., d '_mOutput.By contrasting two groups of numerals and inspection p_{J, i}And p_{J, 0}Validity it is possible to inspection Test node output whether data report real and c_iCorresponding.After this starts to generate report, node cannot determine Intellisense Terminal selects " confirming to submit to " or " abandoning ", once guessing wrong, node will be unable to deny, because node has exported the numeral of oneself Signature.Therefore it is directed to the checking of single Intellisense terminal, the node successful probability of cheating only has 1/2.Feel if there are f intelligence Know that terminal did inspection, then node can practise fraud successful probability for (1/2)^f.The process being become by alternate data item collection symphysis can Know, the number n=ε n of standby alternate data item, ε take 5 or 10.Therefore each Intellisense terminal averagely can use 5 or 10 Standby suggestion option, averagely has 4 or 9 checking machine meetings.During large-scale data is assembled, as long as there being fraction Intellisense terminal-pair The honesty of node did inspection, and the probability that node can successfully be practised fraud is very little.

4. Intellisense terminal legality checking

Anyone can be according to Information Authentication disclosed on data aggregation server: only through the legal intelligence of certification Terminal in perception terminal assumed name list t_list have submitted data report, and each data report has attached and assumed name y_iPhase Join digital signature..

5. whether the data report of Intellisense terminal authentication oneself is counted into final result

After completing suggestion submission, Intellisense terminal can obtain the number that data aggregation server announces unit output According to.Intellisense terminal can check whether the data report of oneself occurs in the data report list announced on bulletin unit In.If it is not, can appeal to data aggregation server, the evidence (data that data aggregation server preserves according to terminal Data is had to assemble the signature of data aggregation node in report) find cheating node.

Personal secrets

Personal secrets in data aggregation process refer to except terminal use oneself, and attacker cannot determine that this terminal is real Which alternate data item border have submitted.Set data gathering system is from protecting to terminal privacy following aspects:

1. the data report being published to data aggregation server bulletin unit all employs encrypted form.(data item form For v_j=k_j+2^e(bj-1), wherein k_jEncryption key can be considered), the validity of data item proves p_jAlso alternate item letter will not be exposed Breath (this is to be ensured by the characteristic of zero-knowledge proof), therefore (knows k in addition to data aggregation server_i), anyone is The data of the actual submission of Intellisense terminal cannot be judged by the data report announced is announced on unit.

2. although data aggregation node knows data options v_jThe alternate item of middle encryption, but they only know Intellisense eventually The assumed name at end, can not be by data options v_jGet up with the true identity information association of Intellisense terminal.

It should be noted that these accompanying drawings are intended to the general characteristic of description method, make in certain exemplary embodiments Structure and/or material, and be intended to description provided below is supplemented.However, what these accompanying drawings were not drawn to, and And be not fine structure or the Performance Characteristics accurately reflecting the embodiment arbitrarily providing, and also should not be construed as and pass through Illustrative embodiments are defined to the number range being comprised or attribute or limit.In various figures using same or phase Same reference is intended to instruction and there is same or identical element or feature.

Brief description

Generally describe the present invention, referring now to accompanying drawing, it is drawn not necessarily in regulation ratio, wherein:

Fig. 1 is the structural representation of Intellisense terminal data lens system according to the preferred embodiment of the present invention；

Fig. 2 is the structural representation of data aggregation server according to the preferred embodiment of the present invention；

Fig. 3 is the method carrying out data gathering using network data lens system according to the preferred embodiment of the present invention Flow chart；

Fig. 4 is the side carrying out data gathering using network data lens system according to another preferred embodiment of the present invention The flow chart of method；And

Fig. 5 is the side carrying out data gathering according to further embodiment of the present invention using network data lens system The flow chart of method.

Specific embodiment

Although illustrative embodiments can carry out various change and adopt alternative form, embodiments thereof is as reality Apply example to be given in the accompanying drawings, and will be described in detail herein.It is to be understood, however, that should not be by exemplary embodiment party Formula is defined to particular forms disclosed, on the contrary, illustrative embodiments be intended to fall into right to go in the range of all Modification, equivalent and substitute.In the description of whole accompanying drawing, identical reference represents identical element.

With reference to the accompanying drawings and detailed description, by once on a large scale as a example network data accumulation process, to the present invention Described network data lens system and its correlation technique are described further.

Fig. 1 is the structural representation of Intellisense terminal data lens system according to the preferred embodiment of the present invention.As Shown in Fig. 1, Intellisense terminal data lens system 100 includes: client terminal 101, data aggregation server 102, many numbers According to aggregation node 103 (103a, 103b ..., 103n) and multiple Intellisense terminal (104a, 104b, 104c, 104d, 104e and 104f).Preferably, client terminal 101 can be any type device that can run and store various applications, for example individual number Word assistant (pda), smart mobile phone, tablet PC, radio telephone, mobile computing device, camera, video recorder, audio frequency/ Video player, location equipment (for example, global positioning system (gps) equipment), game station, wireless device or various other Similar equipment or a combination thereof.

Preferably, data aggregation server 102 is that by any computer equipment of data gathering, can be independent Server or multiple server composition cluster server.Data aggregation server 102 includes: bulletin unit, registering unit, Initialization unit, data accumulation unit data statistic unit, wherein will be explained below introducing the concrete function of unit. Preferably, each of multiple data aggregation nodes 103 (103a, 103b ..., 103n) are suitable to assemble clothes using network data In business device, the log-on message of multiple Intellisense terminals of storage is authenticated to corresponding Intellisense terminal, by certification Intellisense terminal determines the data being associated with described Intellisense terminal in the alternate data item of encryption, and described data is gathered Collection nodes records four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, data aggregation node Signature >, submit to data aggregation server as data report.Preferably, each of multiple data aggregation nodes are equal Meet the data collected from least one Intellisense terminal.As shown in figure 1, data aggregation node 103a is with Intellisense eventually End 104a and 104b connects, and is responsible for collecting the data from Intellisense terminal 104a and 104b.Data aggregation node 103b with Intellisense terminal 104c connects, and is responsible for collecting the data from Intellisense terminal 104c.Data aggregation node 103n and intelligence Perception terminal 104d, 104e and 104f can connect, be responsible for collecting the data from Intellisense terminal 104d, 104e and 104f. Each data aggregation node is each responsible for the Intellisense terminal of its respective connection is authenticated.

Preferably, each of multiple Intellisense terminals (104a, 104b, 104c, 104d, 104e and 104f) are suitable to The data being associated with described Intellisense terminal is determined in the alternate data item of encryption.The plurality of Intellisense terminal can To be being geographically spread out or geographically neighbouring.Preferably, Intellisense terminal can be various types of sensors, for example Sound transducer, humidity sensor, temperature sensor, pressure sensor etc..Preferably, Intellisense terminal can be various clothes Business terminal, such as atm automatic cash dispenser, atm ATM, atm automatic teller machine.Preferably, Intellisense terminal can To be any type device that can run and store various applications, such as personal digital assistant (pda), smart mobile phone, flat board Computer, radio telephone, mobile computing device, camera, video recorder, audio/video player, location equipment are (for example, Global positioning system (gps) equipment), game station, wireless device or various other similar equipment or a combination thereof.

Preferably, data aggregation server is responsible for safeguarding the corresponding relation between data aggregation node and Intellisense terminal (such as annexation), and above-mentioned relation is stored in corresponding memory cell.When Intellisense terminal is gathered from a data Collection node be switched to another data aggregation node, when the offline or new Intellisense terminal of Intellisense terminal is reached the standard grade, data Aggregation server is responsible for the corresponding relation between distribution, modification, record data aggregation node and Intellisense terminal.

Fig. 2 is the structural representation of data aggregation server according to the preferred embodiment of the present invention.Preferably, data is gathered Collection server 102 includes: bulletin unit, registering unit, initialization unit, data accumulation unit data statistic unit.

Preferably, registering unit is used for before network data accumulation process starts, using combine under line and online Mode is registered to each Intellisense terminal.Preferably, it is possible to use online mode passes through internet to each intelligence Perception terminal is registered.Or, can by under line in the written signature in appointed place log-in protocol by way of registered.? After registration step, generate public, private key pair for each Intellisense terminal, public key as the assumed name of its own and is sent to Data aggregation server, and preserve private key in the memory cell of its own.Preferably, described assumed name refers to Intellisense The another name of terminal.Preferably, the data report that its own is submitted to using private key pair is carried out numeral label by described Intellisense terminal Name, to ensure that data is not tampered with.After data aggregation server verifies the legitimacy of described Intellisense terminal, by described intelligence The public key of perception terminal is saved in legal assumed name list.Preferably, by described digital signature prevent data aggregation node and Data aggregation server is distorted to data.

Preferably, initialization unit is used for generating common parameter, and chooses random number according to common parameter, thus according to Random number calculates and generates secret random number.Preferably, initialization unit calculates according to described common parameter and secret random number The safety certificate being associated with secret random number.Preferably, initialization unit according to described common parameter, secret random number and The safety certificate being associated with secret random number generates the alternate data item set of encryption；

Preferably, data accumulation unit is used for for the alternate data item set of described encryption being input to each data in network In the background data base of aggregation node.Preferably, data accumulation unit is by the authentication information of all legal Intellisense terminals List be input to the background data base of each data aggregation node；

Preferably, data statistics unit is used for four-tuple < the intelligence sense according to the Intellisense terminal collected in network Know terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature of data aggregation node > carry out data statistics, according to Described data statistics determines that data assembles result.Illustrate, the four-tuple of Intellisense terminal 104a can be taking Fig. 1 as a example < public key of Intellisense terminal 104a, the data item of encryption, the signature of Intellisense terminal 104a, data aggregation node 103a Signature >.Wherein, the data item of encryption is data gathering system actually active data to be collected, the such as network bandwidth, link The data that the Intellisense terminal such as utilization rate, node load can be collected.

In addition, data aggregation node, using the note of multiple Intellisense terminals of storage in network data aggregation server Volume information is authenticated to corresponding Intellisense terminal, by the Intellisense terminal of certification in the alternate data item of encryption Determine the data being associated with described Intellisense terminal, < Intellisense terminal is false for described data aggregation node record four-tuple Name, encrypted data item, the signature of Intellisense terminal, the signature of data aggregation node >, submit to data as data report and gather Collection server.Data intelligence perception terminal is associated with described Intellisense terminal for determining in the alternate data item of encryption Data.

Fig. 3 is the method carrying out data gathering using network data lens system according to the preferred embodiment of the present invention Flow chart.As shown in figure 3, methods described includes the following four stage:

1. initial phase:

In the initial phase of data aggregation process, establish data aggregation server first, afterwards clothes are assembled by this data Business device is responsible for generating common parameter, secret random number, the alternate data item set of encryption.It is assumed herein that data aggregation server Public key pk_vaAll participants of data gathering system have been given with reliable way distribution.With public key pk_vaCorresponding private key sk_vaJointly held using threshold secret sharing scheme by multiple child servers.Data service aggregation implement body complete following just Beginning chemical industry is made.

1.1. generate common parameter

The data aggregation server following common parameter of generation:

1) generate two Big prime p, q, meet 2q=p-1, and in groupUpper discrete logarithm problem is difficult to solve.That is, two Individual Big prime p, q, meet 2q=p-1, and require the group being formed according to pOn discrete logarithm problem difficulty assume set up, Thus ensureing that the data item encrypted is not cracked.

2) existIn randomly select q rank element g, h, and set and generated by gCyclic subgroup be g, guarantee do not have simultaneously Someone can know that the discrete logarithm with regard to g for the h.

3) secure hash function h₁: { 0,1 }^*→z_q, it will be used for constructing non-interactive type when generating encryption alternate data item Zero-knowledge proof.

4) suppose to participate in the terminal that data assembles and be up to n (actual be certainly less than equal to n), data aggregation server needs The number n=ε n of the alternate data item of encryption to be determined in advance, wherein ε > 2 are a safety coefficient.

The above-mentioned common parameter that data aggregation server generates, including p, q, g, h, n, n, hash function h₁Description letter Breath, alternate data item set { c₁, c₂..., c_m, all it was published to bulletin unit before data gathering starts, and enclose number Digital signature according to aggregation server.

In addition, normal operation of system necessarily assumes that parameter n and m meets condition:WhereinWithRepresent respectively and take whole and take off whole.

1.2. generate the alternate data item set of encryption:

Assume that alternative collection of data items is { c₁, c₂..., c_m, and parameter n and m meet condition IfBefore the data gathering stage starts, each participant of data aggregation server utilizes following manner to join Symphysis becomes the alternate data item set of n encryption.

1) from integer set [0,1 ..., 2^e] in take 2m group (every group n-1) random number:

{k_1,1, k_1,2..., k_{1, n-1}, { k_2,1, k_2,2..., k_2,n-1..., { k_{M, 1}, k_{M, 2}..., k_{M, n-1},

{t_1,1, t_1,2..., t_1,n-1, { t_2,1, t_2,2,..., t_{2, n-1}..., { t_{M, 1}, t_{M, 2}..., t_m,n-1}

Then calculate:

$k_{i,n}=(0-\underset{j=1}{\overset{n-1}{\mathrm{\&sigma;}}}{k}_{i,j}){\mathrm{mod}2}^e(i=\mathrm{1,2},\&centerdot;\&centerdot;\&centerdot;,m)$

$t_{i,n}=(0-\underset{j=1}{\overset{n-1}{\mathrm{\&sigma;}}}{t}_{i,j}){\mathrm{mod}2}^e(i=\mathrm{1,2},\&centerdot;\&centerdot;\&centerdot;,m)$

Calculated again based on result above:

$k_j=\underset{i=1}{\overset{m}{\mathrm{\&sigma;}}}{2}^{e(i-1)}{k}_{i,j}(j=\mathrm{1,2},\&centerdot;\&centerdot;\&centerdot;,n)$

$t_j=\underset{i=1}{\overset{m}{\mathrm{\&sigma;}}}{2}^{e(i-1)}{t}_{i,j}(j=\mathrm{1,2},\&centerdot;\&centerdot;\&centerdot;,n)$

{ the k that easily proof generates according to the method described above₁, k₂..., k_n}、{t₁, t₂..., t_nNecessarily satisfying for:

$\left(\underset{j=1}{\overset{n}{\mathrm{\&sigma;}}}{k}_j\right){\mathrm{mod}2}^e=0,\left(\underset{j=1}{\overset{n}{\mathrm{\&sigma;}}}{t}_j\right){\mathrm{mod}2}^e=0$

{k₁, k₂..., k_n}、{t₁, t₂..., t_nPacify as secret value during generating encryption alternate data item set Full mode is preserved.

2) data aggregation server calculates:

$w_j=g^{k_j}{h}^{t_j},j=\mathrm{1,2},...,n$

It can easily be proven that { w₁, w₂..., w_nMeet:

$\underset{j=1}{\overset{n}{\mathrm{\&pi;}}}{w}_j=\underset{j=1}{\overset{n}{\mathrm{\&pi;}}}{g}^{k_j}{h}^{t_j}=1$

Can be by { w₁, w₂..., w_nRegard as with regard to secret random number { k₁, k₂..., k_n}、{t₁, t₂..., t_n? Safety certificate (commitment).

3) data aggregation server generates and encrypts alternate data item set:

$v_{j,0}=k_j,p_{j,0}=\mathrm{nizk}\left\{t_j\right|h^{t_j}=w_j{g}^{-v_{j,0}}\}$

I=1,2 ..., m,

J=1,2 ..., n

P in above formula_{J, i}=nizk{t_j|a(t_j) represent with regard to secret value t_jNon-interactive zero-knowledge proof.By p_{J, i}, Data aggregation server can be in value t that do not betray the pot to the roses_jOn the premise of it was demonstrated that meet assert a (t_j) set up, thus not revealing k_jOn the premise of prove v_{J, i}Building method meet agreement regulation.Construct this non-interactive zero-knowledge proof and will use Hash Function h₁: { 0,1 }^*→z_q.

{(v_{J, 0}p_{J, 0}), (v_{J, 1}, p_{J, 1}) ..., (v_{J, m}p_{J, m}) constitute an alternate data item group encrypted, such standby Option group has n, constitutes the alternate data item set of encryption: { (v_j,0, p_{J, 0}), (v_{J, i}p_{J, 1}) ..., (y_{J, m}, p_{J, m})}(j= 1,2 ..., n).When submitting data to, if Intellisense terminal selects c_i, then by data aggregation node by option (v_{J, i}, p_{J, i}) report to data aggregation server.And (v_j,0, p_{J, 0}) more special, Validation of Data will be used for.

4) data aggregation server encrypts alternate data item { (v by n of above-mentioned generation_j,0, p_{J, 0}), (v_j,1, p_{J, 1}) ..., (p_{J, m}, p_{J, m}) (j=1,2 ..., n) be divided into multiple subsets (according to data aggregation node number), and use respectively Secured fashion imports in the background data base of multiple data aggregation nodes.

5) data aggregation server is by { k₁, k₂..., t_n}、{t₁, t₂..., t_nEtc. secret value delete, by { w₁, w₂..., w_nBe published on bulletin unit and enclose the digital signature of oneself.Any participant can be by checkingWhether Whether the encryption alternate data item set setting up the generation of inspection data aggregation server meets protocol requirement.

2. registration phase:

In registration phase, each participate in intelligent terminal that data assembles before the gathering stage starts first with line and The mode combining online is registered to data aggregation server.Concrete register method is:

2.1. the manager of data aggregation server utilizes line under type (offline), and the product id of inspection terminal is testing The legitimacy of card intelligent terminal.Check unsuccessfully, then terminate registration process immediately.

2.2. each terminal t_iA pair of public private key pair is generated using the rsa algorithm appointed in advance with data aggregation server (y_i, x_i).

2.3. terminal t_iBy public key y_iIt is sent to data aggregation server.For proving that this terminal holds and public key y_iCorresponding Private key, server generates random number r, and using r | | timestamp as challenge message m, when wherein timestamp represents Between stab.Server makes terminal generation with regard to digital signature sig (m) of m, the then validity of inspection signature sig (m).Inspection is lost Lose, then terminate registration process immediately, otherwise proceed next step.

2.4. after inspection, public key y_iIt is saved in the certification of data aggregation server by the assumed name as this intelligent terminal In information list ac_list.Private key x_iPreserved by terminal is secret.

2.5. list of public keys n_list of all valid data nodes is downloaded in the memory of intelligent terminal.Registered Journey terminates.

3. data is assembled the stage:

Assemble the stage in data, Intellisense terminal interacts formula with apart from oneself nearest data aggregation node first Then the data is activation of collection in worksite is given this data aggregation node by certification.These data are passed through meter by data aggregation node again Calculation machine network sends data aggregation server to.The specific course of work is as follows.

3.1. after data perception intelligent terminal reaches in the range of the efficient communication of certain data aggregation node, first with this Node completes interactive authentication.Due to terminal hold all valid data aggregation nodes list of public keys n_list it is possible to Using " challenge response " method, valid data aggregation node is authenticated.On the other hand, because data aggregation node is permissible The list t_list of legal terminal is obtained from data aggregation server it is possible to " challenge response " method of utilization is to legal Data perception intelligent terminal be authenticated.

3.2. interactive authentication passes through afterwards, and data aggregation node sends all alternate data items in plain text to intelligent terminal, that is, { c will be gathered₁, c₂,...,c_mIt is sent to terminal.

3.3. terminal according to field measurement data from { c₁, c₂..., c_mIn select corresponding option (be assumed to c_i), and The selection of oneself is sent to data aggregation node.

3.4. data aggregation node is from alternate data item the set { (v of encryption_j,0, p_j,0), (v_j,1, p_{J, 1}) ..., (v_j,m, p_j,m) (j=1,2 ..., n) in appoint take an option group { (v_j,0, p_j,0), (v_j,1,p_j,1) ..., (v_j,m, p_j,m), then will With c_iCorresponding (v_j,i,p_{J, i}) as the encryption alternate data item ultimately generating.

Data aggregation node is by v_{J, i}Corresponding binary string is divided into m part from low level to a high position, each part bag Containing e bit (the comprised bit number of highest bit position is likely larger than e), then concatenate into m with m partial binary individual corresponding Ten's digit (d₁, d₂..., d_m).

Data aggregation node is by option (v_j,i,p_j,i)、(d₁, d₂..., d_m) and digital signature s of oneself_nIt is sent to end End.

3.5. there are two kinds of selections: " re-entering " and " submitting to " after terminal authentication node digital signature validity.

If selected " submitting to ", terminal utilizes the private key x of oneself_iTo data { (v to be submitted to_j,i,p_{J, i}), (d₁, d₂..., d_m) generate digital signature s_t, then will sign s_tIt is sent to data aggregation node.Data aggregation node generates final Data report report={ y_i,(v_j,i,p_{J, i}), (d₁, d₂..., d_m), s_n, s_t, wherein y_iIt is the assumed name of terminal.Data is gathered Data report is sent to data aggregation server by collection node, and returns success message to terminal.After submitting success to, intelligence is felt Know that terminal preserves data report, and leave.

If terminal selects " re-entering ", data aggregation node startup " data report validation verification " flow process (after Its detailed process is terminated in face) verify the encrypted data item { (v that data aggregation node generates_j,i,p_{J, i}), (d₁, d₂..., d_m) be No real to should terminal submission data c_i.After being verified, return the 3.3rd step, terminal resubmits data, section Point regenerates corresponding encrypted data item.

3.6., after the data accumulative phase terminates, each data aggregation node is by oneself remaining standby alternate data item collection Close { (v_j,0, p_j,0), (v_j,i,p_j,1) ..., (v_j,m,p_j,m) (v_j,0, p_j,0) partly it is sent to data aggregation server, and note Bright for " calcellation ".

Through above 6 steps, the data report of each Intellisense terminal has been submitted to data in an encrypted form and has assembled clothes The bulletin unit of business device, anyone can inquire about.

The idiographic flow of " the data report validation verification " of the 5th step is as follows above:

(1), after data aggregation node receives " re-entering " request of terminal, data aggregation node is by (v_{J, 0},p_j,0) and v_{J, 0}Corresponding m decimal number { d '₁, d '₂..., d '_mIt is sent to terminal.

(2) Intellisense terminal is verified on the spot: for two groups of digital { d₁, d₂..., d_mAnd { d '₁, d '₂..., d '_m, Except d_i-d′_i=1, other m-1 numerals are all equal.If be unsatisfactory for, illustrate data aggregation node in cheating.

(3) p of Intellisense terminal authentication node output_j,0、p_j,iAnd digital signature s of data aggregation node_nWhether Effectively.If invalid, terminal terminates submitting data to this node, and thinks that data assembles clothes after can retaining relevant evidence This node complained by business device.

(4) if data item (v_j,j,p_j,i) being used for doing validation verification, then this data item is equivalent to and is cancelled.Data Aggregation node is only by (v_j,0,p_j,0) it is submitted to data aggregation server.

4. the data statistics stage:

After data aggregation process terminates, the information that data aggregation server is announced on unit is locked.Data service aggregation Device first checks for announcing in the data report list on unit whether comprise n item, if less than n, some preliminary data items is then described Lose.After the preliminary data item polishing that will lose, anyone can be according to the information counting statistics result on bulletin unit. Circular is as follows.

If the item set announced on bulletin unit is combined into { (v₁, p₁), (v₂, p₂) ..., (v_n, p_n), each v_i(1≤i ≤ n) corresponding m ten's digit be { d_i,1, d_i,2..., d_{I, m}}.

So, option c_j(1≤j≤m) final statistics r_jFor

$r_j=\left(\underset{i=1}{\overset{n}{\mathrm{\&sigma;}}}{d}_{i,j}\right){\mathrm{mod}2}^e(1\&le;j\&le;m)$

Statistics can be obtained by simple modulo addition.And the validity of each data report can be passed through Zero-knowledge proof p_iValidity and the validity of digital signature test.

Fig. 4 is the side carrying out data gathering using network data lens system according to another preferred embodiment of the present invention The flow chart of method.Methods described from the beginning of step 401, assemble initially as starting point by data.Then proceed to step 402, intelligence Perception terminal interacts formula certification with apart from oneself nearest data aggregation node first, then sends out the data of collection in worksite Give this data aggregation node.Data aggregation node sends these data to data service aggregation by computer network again Device.After data perception intelligent terminal reaches in the range of the efficient communication of certain data aggregation node, complete with this node first Interactive authentication.Because terminal holds list of public keys n_list of all valid data aggregation nodes it is possible to utilize " matter Inquiry response " method is authenticated to valid data aggregation node.On the other hand, because data aggregation node can gather from data The list t_list of legal terminal is obtained on collection server it is possible to " challenge response " method of utilization is to legal data sense Know that intelligent terminal is authenticated.

In step 403, judge whether by interactive authentication.When not passing through interactive authentication, proceed to step 412, Process terminates.When by interactive authentication, carry out step 404, data aggregation node sends all alternative numbers to intelligent terminal According to item in plain text, { c will be gathered₁, c₂..., c_mIt is sent to terminal.

Terminal is according to field measurement data from { c₁, c₂..., c_mIn select corresponding option (be assumed to c_i), and will be from Oneself selection is sent to data aggregation node.

Data aggregation node is from alternate data item the set { (v of encryption_j,0,p_j,0), (v_j,1,p_j,1) ..., (v_j,m, p_j,m)} (j=1,2 ..., n) in appoint take an option group { (v_j,0, pj_,0), (v_j.1,p_{J, 1}) ..., (v_j,m,p_j,m), then will be with c_iRight (the v answering_j,i,p_{J, i}) as the encryption alternate data item ultimately generating.

Data aggregation node is by v_j,iCorresponding binary string is divided into m part from low level to a high position, each part bag Containing e bit (the comprised bit number of highest bit position is likely larger than e), then concatenate into m with m partial binary individual corresponding Ten's digit (d₁, d₂..., d_m).Data aggregation node is by option (v_j,i,p_{J, i})、(d₁, d₂..., d_m) and the numeral of oneself Signature s_nIt is sent to terminal.

In step 405, aggregation node generates data report.

Selected after step 406, terminal authentication node digital signature validity: " re-entering " and " pinch friendship ".

If selected " submitting to ", carry out step 407, terminal utilizes the private key x of oneself_iTo data { (v to be submitted to_j,j, p_{J, i}), (d₁, d₂..., d_m) generate digital signature s_t, then will sign s_tIt is sent to data aggregation node.In step 408, number Generate final data report report={ y according to aggregation node_i, (v_j,i, p_{J, i}), (d₁, d₁..., d_m), s_n, s_t, wherein y_iIt is The assumed name of terminal.Data report is sent to data aggregation server by data aggregation node, and returns success message to terminal.Carry After handing over success, Intellisense terminal preserves data report, and leaves.

If selecting " re-entering " in step 406, carry out step 409 it is desirable to data is assembled and announced evidence.Step 410, data aggregation node starts " data report validation verification " flow process and (terminates its detailed process two checking data below to assemble The encrypted data item { (v that node generates_j,i, p_{J, i}), (d₁, d₂..., d_m) whether really to should terminal submission data c_i.In step 411, it is determined whether by checking, if not verified, carry out step 412, process terminates；If passed through Checking, then return to step 404, terminal resubmits data, node regenerates corresponding encrypted data item.

Preferably, at step 412, after the data accumulative phase terminates, each data aggregation node is remaining standby by oneself With alternate data item set { (v_j,0, p_{J, 0}), (v_j,1, p_j,1) ..., (v_j,m,p_j,m) (v_{J, 0}, p_{J, 0}) partly it is sent to data Aggregation server, and it is labeled as " calcellation ".

Through step, the data report of each Intellisense terminal has been submitted to data aggregation server in an encrypted form Bulletin unit, anyone can inquire about.

Preferably, the idiographic flow of " data report validation verification " above is as follows:

(1), after data aggregation node receives " re-entering " request of terminal, data aggregation node is by (v_j,0, p_j,0) and v_j,0Corresponding m decimal number { d '₁, d '₂..., d '_mIt is sent to terminal.

(2) Intellisense terminal is verified on the spot: for two groups of digital { d₁, d₂..., d_mAnd { d '₁, d '₂..., d '_m, Except d_i-d′_i=1, other m-1 numerals are all equal.If be unsatisfactory for, illustrate data aggregation node in cheating.

(3) p of Intellisense terminal authentication node output_j,0、p_j,iAnd digital signature s of data aggregation node_nWhether Effectively.If invalid, terminal terminates submitting data to this node, and thinks that data assembles clothes after can retaining relevant evidence This node complained by business device.

(4) if data item (v_j,i, p_{J, i}) being used for doing validation verification, then this data item is equivalent to and is cancelled.Data Aggregation node is only by (v_j,0, p_j,0) it is submitted to data aggregation server.

Fig. 5 is the side carrying out data gathering according to further embodiment of the present invention using network data lens system The flow chart of method.Method 500 is applied to including network data aggregation server, multiple network data aggregation node and multiple intelligence The system of perception terminal.Method 500 from the beginning of step 501, before network data accumulation process starts, using under line and online The mode combining is registered to each the Intellisense terminal in multiple Intellisense terminals, for each Intellisense terminal Generate public, private key pair, public key as the assumed name of its own and is sent to data aggregation server, and depositing at its own Private key is preserved, the data report that it is submitted to using private key pair is carried out numeral label by wherein said Intellisense terminal in storage unit Name, to ensure that data is not tampered with, after data aggregation server verifies the legitimacy of described Intellisense terminal, by described intelligence The public key of perception terminal is saved in legal assumed name list.

In step 502, to the multiple Intellisense terminal broadcast message in network data lens system to start network number According to accumulation process, the digital signature of the subsidiary described network data aggregation server of described message, to prevent attacker from disappearing to described Cease distorts.

In step 503, the initialization unit using network data aggregation server generates common parameter.

In step 504, random number is chosen according to common parameter, and generation secret random number is calculated according to random number.

In step 505, the safety being associated with secret random number according to described common parameter and secret random number calculating Certificate.

In step 506, according to described common parameter, secret random number and the safety certificate being associated with secret random number Generate the alternate data item set of encryption.

In step 507, the data accumulation unit of network data aggregation server is by the alternate data item set of described encryption It is input in the background data base of each data aggregation node in network, by the authentication information of all legal Intellisense terminals List be input to the background data base of each data aggregation node.

In step 508, each of the plurality of data aggregation node utilizes in network data aggregation server and stores The log-on message of multiple Intellisense terminals each of multiple Intellisense terminals are authenticated, by the intelligence of certification Perception terminal Intellisense terminal can determine, in the alternate data item of encryption, the data being associated with described Intellisense terminal, Described data aggregation node record four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, number Signature according to aggregation node >, submit to data aggregation server as data report.

In step 509, the data statistics unit of network data aggregation server is according to the Intellisense collected in network Four-tuple < Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the label of data aggregation node of terminal Name > carry out data statistics, determine that data assembles result according to described data statistics.

In step 510, the data of determination is assembled result and is announced using BBS mode, and provide to described The data determining assembles inquiry and the checking of result.

It is noted, however, that all these terms being associated with suitable physical quantity and term similar are only It is the easily label being applied to this tittle.Unless specifically stated otherwise, or substantially obtain from discuss, such as " process ", " count Calculate ", " estimation ", " determination ", the term of " display " etc., be related to action and the place of computer system or similar electronic computing device Reason, by being expressed as physical quantity in the RS of computer system, the data of amount of electrons is manipulated and is converted to It is expressed as physical quantity in computer system memory or register or other such information-storing devices, transmission or display device Other similar data.

Also, it should be noted aspect realized by the software of illustrative embodiments typically depositing in some form of program Encoded on storage media, or realized on some type of transmission medium.Computer-readable medium can be that magnetic is (for example, soft Disk or hard disk drive) or light (for example, compact disc read write, or " cd rom ") it is possible to be read-only or arbitrary access 's.Similarly, transmission medium can be twisted-pair feeder, coaxial cable, optical fiber or other suitable transmission medium well known in the art. Illustrative embodiments are not limited to these aspects of any specified realization.

Claims (10)

1. a kind of method carrying out network data gathering using network data lens system, described system includes network data and assembles Server, multiple network data aggregation node and multiple Intellisense terminal are it is characterised in that methods described includes:

Before network data accumulation process starts, using line under type and/or online mode in multiple Intellisense terminals Each Intellisense terminal registered, for each Intellisense terminal generate public, private key pair, using public key as its own Assumed name and be sent to data aggregation server, and in the Intellisense terminal memory cell of itself preserve private key, wherein It is submitted to using private key pair data report is digitally signed by described Intellisense terminal, to ensure that data is not tampered with, After data aggregation server verifies the legitimacy of described Intellisense terminal, the public key of described Intellisense terminal is saved in conjunction In method assumed name list；

To the multiple Intellisense terminal broadcast message in network data lens system to start network data accumulation process, described The digital signature of the subsidiary described network data aggregation server of message, to prevent attacker from described message is distorted；

Initialization unit using network data aggregation server generates common parameter,

Random number is chosen according to common parameter, and generation secret random number is calculated according to random number；

The safety certificate being associated with secret random number according to described common parameter and secret random number calculating；

The safety certificate be associated according to described common parameter, secret random number and with secret random number generates the alternative of encryption The set of data item；

The alternate data item set of described encryption is input in network respectively by the data accumulation unit of network data aggregation server In the background data base of individual data aggregation node, the list of the authentication information of all legal Intellisense terminals is input to The background data base of each data aggregation node；

Each of the plurality of data aggregation node utilizes multiple Intellisenses of storage in network data aggregation server The log-on message of terminal is authenticated to each of multiple Intellisense terminals, is being added by the Intellisense terminal of certification The data being associated with described Intellisense terminal, described data aggregation node record four-tuple is determined in close alternate data item <Intellisense terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature of data aggregation node>, by described four Tuple submits to data aggregation server as data report；

The data statistics unit of network data aggregation server is according to the four-tuple < intelligence of the Intellisense terminal collected in network Energy perception terminal assumed name, encrypted data item, the signature of Intellisense terminal, the signature of data aggregation node > carry out data statistics, Determine that data assembles result according to described data statistics；And the data gathering result of determination is carried out using BBS mode Announce, and inquiry and the checking of the data gathering result to described determination are provided.

2. method according to claim 1 it is characterised in that:

Described common parameter includes following part: 1) two Big prime p, q, meets 2q=p-1, and requires the group being formed according to pOn discrete logarithm problem difficulty assume set up, thus ensure encrypt alternate data item be not cracked；2) existIn with Q rank element g, h that machine is chosen: generated by gCyclic subgroup be g；3) Intellisense terminal maximum value possible n, encryption Alternate data item number n=ε n, wherein ε >=2 are safety coefficient；4) secure hash function h₁:{0,1}^*→z_q, wherein z_qFor group And it is used for during the alternate data item generating encryption constructing non-interactive zero-knowledge proof；5) alternative item set is combined into {c₁,c₂,…,c_m, m is alternate data item number；

Described common parameter q, m and n meet condition:WhereinWithRepresent respectively and take Go up whole and take off whole；

Described random number from set [0,1 ..., 2^e] middle selection, wherein

3. method according to claim 1 it is characterised in that:

Described Intellisense terminal is sensor, point-of-sale terminal, personal digital assistant, smart mobile phone, tablet PC and wireless One of phone.

4. method according to claim 2, the process wherein generating the alternate data item set of encryption specifically includes:

1) random number is chosen according to common parameter, and generation secret random number is calculated according to random number and include:

From integer set [0,1 ..., 2^e] in take 2m group, wherein every group of n-1 random number:

{k_1,1,k_1,2,...,k_1,n-1},{k_2,1,k_2,2,...,k_2,n-1},…,{k_m,1,k_m,2,...,k_m,n-1},

{t_1,1,t_1,2,...,t_1,n-1},{t_2,1,t_2,2,...,t_2,n-1},…,{t_m,1,t_m,2,...,t_m,n-1}

Wherein k and t represents random number；

Then calculate:

Calculated again based on result above:

{ the k generating according to the method described above₁,k₂,...,k_n}、{t₁,t₂,...,t_nNecessarily satisfying for:

With secured fashion by { k during the alternate data item set generating encryption₁,k₂,...,k_n}、{t₁,t₂,...,t_n} Preserved as secret random number；

2) included with the safety commitment of secret random number according to described common parameter and secret random number calculating:

Calculate:

Wherein { w₁,w₂,...,w_nMeet:

By { w₁,w₂,...,w_nFor with regard to secret random number { k₁,k₂,...,k_n}、{t₁,t₂,...,t_nSafety certificate；Peace The complete any information promising to undertake the random number that will not betray the pot to the roses, once announcing safety commitment, generation side cannot be using different secrets Random number is producing the alternate data item of encryption；

3) safety commitment according to described common parameter, secret random number and secret random number generates the alternate data item of encryption Set includes:

v_j,i=k_j+2^e(i-1),I=1,2 ..., m,

J=1,2 ..., n

Above the small set { (v generating_j,0,p_j,0),(v_j,1,p_j,1),...,(v_j,m,p_j,m) constitute the alternate data item encrypted, The alternate data item of described encryption has n: { (v_j,0,p_j,0),(v_j,1,p_j,1),...,(v_j,m,p_j,m) (j=1,2 ..., n), The alternate data item set of its composition encryption.

5. method according to claim 4 it is characterised in that:

The detailed process of the alternate data item validation verification of described encryption is as follows:

1) determine be associated with described Intellisense terminal alternate data item when, if Intellisense terminal have selected " standby Select data item c_i", then data aggregation node will be with c_iAlternate data item { the d of corresponding encryption₁,d₂,...,d_mAnd (v_j,i,p_j,i) Output, and append the digital signature of Intellisense terminal；

2) when Intellisense terminal selects to confirm, if selected for " reselecting " option, then data aggregation node will (v_j,0,p_j,0) and v_j,0Corresponding m decimal number { d '₁,d′₂..., d '_mOutput, and reselected；

3) Intellisense terminal can be verified in real time: for two groups of digital { d₁,d₂,...,d_mAnd { d '₁,d′₂,..., d′_m, except d_i-d′_i=1, other m-1 numerals are all equal；If be unsatisfactory for, illustrate that the data of data aggregation node is deposited In mistake；

4) terminate data submit to after, Intellisense terminal it is possible to verify that output p_j,0、p_j,iAnd the number of data aggregation node Whether word signature is effective；If invalid, there is mistake in the data that terminal reports this data aggregation node to data aggregation server By mistake；

5) if the alternate data item subitem (v of encryption_j,i,p_j,i) being used as validation verification, then its corresponding encryption is alternative Data item is equivalent to and is cancelled；Data aggregation node is only by (v_j,0,p_j,0) it is submitted to data aggregation server.

6. a kind of network data lens system, described system includes network data aggregation server, multiple network data assembles section Point and multiple Intellisense terminals it is characterised in that

Described network data aggregation server includes:

Bulletin unit, to the multiple Intellisense terminal broadcast message in network data lens system to start network data gathering Process, the digital signature of the subsidiary described network data aggregation server of described message, to prevent attacker from described message is usurped Change；And, the data of determination is assembled result and is announced using BBS mode, and the data to described determination is provided Assemble inquiry and the checking of result；

Registering unit, before network data accumulation process starts, is intelligently felt to each using line under type and/or online mode Know that terminal is registered, generate public, private key pair for each Intellisense terminal, public key as the assumed name of its own and is sent To data aggregation server, and preserve private key, wherein said Intellisense in the Intellisense terminal memory cell of itself It is submitted to using private key pair data report is digitally signed by terminal, to ensure that data is not tampered with, data service aggregation After the legitimacy of described Intellisense terminal verified by device, the public key of described Intellisense terminal is saved in legal assumed name list In；

Initialization unit, generates common parameter, chooses random number according to common parameter, and it is secret to calculate generation according to random number Random number；The safety certificate being associated with secret random number according to described common parameter and secret random number calculating；According to institute State common parameter, secret random number and the collection of the alternate data item of safety certificate generation encryption being associated with secret random number Close；

Data accumulation unit, the alternate data item set of described encryption is input to the backstage of each data aggregation node in network In database；The list of the authentication information of all legal Intellisense terminals is input to the backstage of each data aggregation node Database；

Data statistics unit, four-tuple < Intellisense terminal assumed name, the encryption according to the Intellisense terminal collected in network Data item, the signature of Intellisense terminal, the signature of data aggregation node > carry out data statistics, true according to described data statistics Fixed number is according to gathering result；

Data aggregation node, using in network data aggregation server storage multiple Intellisense terminals log-on message to phase The Intellisense terminal answered is authenticated, by the Intellisense terminal of certification encryption alternate data item in determine with described The data that Intellisense terminal is associated, described data aggregation node record four-tuple < Intellisense terminal assumed name, encryption data , the signature of Intellisense terminal, the signature of data aggregation node >, described four-tuple is submitted to data as data report Aggregation server；

Data intelligence perception terminal, determines the data being associated with described Intellisense terminal in the alternate data item of encryption.

7. network data lens system according to claim 6 it is characterised in that:

Described common parameter includes following part: 1) two Big prime p, q, meets 2q=p-1, and requires the group being formed according to pOn discrete logarithm problem difficulty assume set up, thus ensure encrypt alternate data item be not cracked；2) existIn Q rank element g, h randomly selecting: generated by gCyclic subgroup be g；3) Intellisense terminal maximum value possible n, encryption Alternate data item number n=ε n, wherein ε >=2 be safety coefficient；4) secure hash function h₁:{0,1}^*→z_q, wherein z_qFor Group and be used for generate encryption alternate data item when construct non-interactive zero-knowledge proof；5) alternative item set is combined into {c₁,c₂,…,c_m, m is alternate data item number；

Described system common parameter q, m and n meet condition:WhereinWithRepresent respectively Take whole and take off whole；

Described random number from set [0,1 ..., 2^e] middle selection, wherein

8. network data lens system according to claim 6 it is characterised in that:

Described Intellisense terminal is sensor, point-of-sale terminal, personal digital assistant, smart mobile phone, tablet PC and wireless One of phone.

9. network data lens system according to claim 7, the alternate data item set wherein generating encryption is specifically wrapped Include:

1) random number is chosen according to common parameter, and generation secret random number is calculated according to random number and include:

From integer set [0,1 ..., 2^e] in take 2m group, wherein every group of n-1 random number:

{k_1,1,k_1,2,...,k_1,n-1},{k_2,1,k_2,2,...,k_2,n-1},…,{k_m,1,k_m,2,...,k_m,n-1},

{t_1,1,t_1,2,...,t_1,n-1},{t_2,1,t_2,2,...,t_2,n-1},…,{t_m,1,t_m,2,...,t_m,n-1}

Wherein k and t represents random number；

Then calculate:

Calculated again based on result above:

{ the k that easily proof generates according to the method described above₁,k₂,...,k_n}、{t₁,t₂,...,t_nNecessarily satisfying for:

{k₁,k₂,...,k_n}、{t₁,t₂,...,t_nPacify as secret random number during the alternate data item generating encryption Full mode is preserved；

2) included with the safety commitment of secret random number according to described common parameter and secret random number calculating:

Calculate:

It can easily be proven that { w₁,w₂,...,w_nMeet:

Can be by { w₁,w₂,...,w_nRegard as with regard to secret random number { k₁,k₂,...,k_n}、{t₁,t₂,...,t_nSafety hold Promise；Safety commitment will not betray the pot to the roses any information of random number, once announcing safety commitment, generation side cannot adopt different Secret random number is used for producing the alternate data item of encryption；

3) safety commitment according to described common parameter, secret random number and secret random number generates the alternate data item of encryption Set includes:

v_j,0=k_j,

v_j,i=k_j+2^e(i-1),I=1,2 ..., m,

J=1,2 ..., n

The above { (v generating_j,0,p_j,0),(v_j,1,p_j,1),...,(v_j,m,p_j,m) constitute an alternate data item encrypted, this The alternate data item of the encryption of sample has n (the alternate data item set of composition encryption): { (v_j,0,p_j,0),(v_j,1, p_j,1),...,(v_j,m,p_j,m) (j=1,2 ..., n).

10. network data lens system according to claim 9 it is characterised in that:

The detailed process of the alternate data item validation verification of described encryption is as follows:

1) when Intellisense terminal selects it is assumed that Intellisense terminal have selected " alternate item c_i", then data aggregation node will be with c_iAlternate data item { the d of corresponding encryption₁,d₂,...,d_mAnd (v_j,i,p_j,i) output, and append the digital signature of oneself；

2) when Intellisense terminal selects to confirm, if Intellisense terminal have selected " reselecting " option, data is gathered Collection node is by (v_j,0,p_j,0) and v_j,0Corresponding m decimal number { d '₁,d′₂,...,d′_mOutput, and return to selection interface；

3) Intellisense terminal is verified on the spot: for two groups of digital { d₁,d₂,...,d_mAnd { d '₁,d′₂,...,d′_m, except d_i- d′_i=1, other m-1 numerals are all equal；If be unsatisfactory for, illustrate data aggregation node in cheating；

4), after terminating the alternate data item submission of encryption, Intellisense terminal can also be by means of the p of software verification output_j,0、 p_j,iAnd whether the digital signature of data aggregation node is effective；If invalid, Intellisense terminal can be gathered to network data Collection server complains this data aggregation node；

5) if the alternate data item subitem (v of encryption_j,i,p_j,i) be used for doing validation verification, then the alternate data of this encryption Item is equivalent to and is cancelled, and data aggregation node is only by (v_j,0,p_j,0) it is submitted to network data aggregation server.